Thursday, March 22, 2018

Today’s episode of Incident Response Fail
involves a cybersecurity professional/bug bounty hunter, Mohamed
Suwaiz, and a driver training company in Texas, Smith
System, that seemed to stubbornly resist his efforts to alert
them to a data leak.

Although Suwaiz (@Msuwaiz
on Twitter) describes himself as being motivated by bug bounties,
when there’s no bounty to be had, he just gives information that he
finds to companies to help them secure their data.

A few days after we first met online while I was
investigating the Leon County Schools case, Suwaiz reached out to me
to tell me that he needed to talk to me.

“@drive_different is having huge data leak,”
he told me. He had already tried unsuccessfully to contact them via
emails, Facebook, Twitter, and by contacting an intermediary to help
him call the CTO, he explained. Calling from his part of the world
is not easy, he said, so he had enlisted the help of someone who
might help him get through.

So far, all of his attempts had failed to produce
any results.

[Details
follow… Bob]

What is interesting is why they didn’t do this
years ago. Should make for some interesting discussions with my
students.

Tools to
understand and monitor the collection of your data by Facebook and
Twitter

Fast Co. Design: Creative technologists are
developing their own tools for investigating, nudging, and altering
the world’s largest social network. “..To understand the kind of
information the platform may have on you, and how it may use it, turn
to Data
Selfie, a project developed by the artists Hang
Do Thi Duc and Regina
Flores Mir last
year with funding from the New York City Economic Development
Corporation, the Mayor’s Office of Media and Entertainment, and the
NYC Media Lab. The Chrome extension generates a “selfie,” or
profile, of your Facebook activity and uses machine learning to
analyze that behavior in a way similar to Facebook itself. Are your
likes more liberal leaning? What does your behavior imply about your
psychological profile? Data Selfie–which doesn’t actually record
any data from you–offers a glimpse into the kind of behavioral
profiling that’s come to light through new revelations about
Cambridge Analytica and the leak of data of 50
million Facebook users. Check it out here…

J.
Nathan Matias, who founded the citizen behavioral science
platform CivilServant at MIT and is now a postdoc at Princeton
University, has blogged about his so-called “audits” over the
past year on Medium–for instance, running
his own experiments on how Facebook promotes images versus texts
with colored backgrounds and an earlier
experiment on the Pride reaction button. “How much can a
single person learn about Facebook with a little patience and a
spreadsheet?” he writes.
“More than you might expect!” Matias’s
posts include instructions on how to run your own Facebook audit,
and he even offers to help you do the statistics or coding if you
want to run your own test. “I have often argued that we need
independent testing of social tech, especially when a company’s
promises are great or the risks are substantial,” he writes.
“Sometimes when I suggest this, academics respond that independent
evaluations require long, complex work by experts. That’s not
always the case.” Learn more here.

Ben
Grosser, an artist and professor at University of Illinois at
Urbana-Champaign’s School of Art & Design, has written
about how these ubiquitous user interface elements deeply
influence user behavior. He has also built several Chrome
extensions that throw Facebook’s carefully honed algorithms into
chaos–like lobbing a digital smoke bomb on your News Feed…also
he has just launched a version of the Demetricator
for Twitter–a reminder that Facebook isn’t the
only social network worthy of our critical thought as users. Check
it out here…”

Perspective. Apparently, I have trouble digesting
big numbers because I had to read this article several times before I
understood exactly how much money we’re talking about. How can a
company be worth $50 billion less than its assets?

South African media company Naspers
Ltd. is cashing in a tiny sliver of one of the greatest
venture-capital investments ever.

… Naspers might have remained an obscure
publisher of South African newspapers and operator of pay-TV services
if not for its decision
in 2001 to invest $32 million in Tencent, a then little-known Chinese
startup. The stake is now
worth $175 billion and given that Naspers has a market value of about
$125.5 billion, it means investors place no value on
Naspers’ other operations and investments.

… The sale of 190 million shares, worth $10.6
billion based on Tencent’s closing price in Hong Kong on Thursday,
will cut the stake held by Naspers to 31.2 percent from 33.2 percent.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.